The first sign that the world had been afflicted by one of the worst cyber-attacks in history came in a relatively innocent message: “Oops, your important files are encrypted.” It almost sounds accidental; it was not. The attack began on the morning of June 27 in Ukraine and quickly spread across the globe, infecting systems in France, Germany, Italy, Poland, United Kingdom, Australia and the United States.
The scale and scope was unprecedented and relied on a virus known as NotPetya, which infected systems through M.E. Doc, a popular tax accounting software in Ukraine. The attack hit bank websites, major industrial enterprises, government computer systems, the postal service and Kyiv’s international airport and subway system. It crippled about 2,000 organizations, including Antonov, Kyivstar, Vodafone Ukraine, Lifecell, and TV channels STB, ICTV and ATR. Approximately 10 percent of government and commercial personal computers were infected.
The cyber criminals struck on the eve of Ukraine’s Constitution Day, a national holiday that celebrates Ukrainian independence from the Soviet Union. This allowed the virus to tear through government computers and spread while the unsuspecting offices remained unmanned in observance of the holiday. The attack was also timed to do symbolic damage to the government of Ukraine.
Through email servers and network connectivity, the NotPetya virus spread to computers worldwide. In the United States, the attack impacted a health network that included two hospitals, 18 community facilities and more than 3,500 employees. The hospitals could not create electronic records for a week, forcing patients to delay procedures and treatments. The attackers also hit UK-based Reckitt Benckiser, which makes Lysol spray. Due to disruptions in its supply chain, Reckitt Benckiser cut its full-year sales growth forecast to 2 percent from 3 percent.
The scale of the NotPetya attack has triggered an inquiry into the attackers’ intentions. While theories abound, well-known cyber security expert Matt Suiche and other analysts have come to a disturbing conclusion. Their analysis suggests that the main purpose of the attack was financial disruption and widespread destruction.
The attackers sought to cripple Ukraine and its international partners. Post-attack forensics showed that hackers used M.E. Doc to collect sensitive information from chief financial officers, accountants and other key financial figures for three months. Then they unleashed the NotPetya virus to try to cover their tracks and inflict as much damage as possible.
The Security Service of Ukraine concluded: “The virus is cover for a large-scale attack on Ukraine.”
Ukraine has suffered wave after wave of cyber-attacks since the 2014 Revolution of Dignity and the ouster of pro-Russian President Viktor Yanukovych. The mounting democratic and pro-Western sentiment of the Ukrainian reformers terrified the Kremlin. In a blatant attempt to influence the Ukraine elections, Russian hackers targeted Ukraine’s voting infrastructure.
Since then, Ukraine has faced an unrelenting storm of Russian aggression, much of which was in the cyber sphere. In 2015, for example, Russian hackers attacked Ukraine’s power grid causing power outages that lasted six hours and affected upwards of 230,000. As cyber security expert and co-organizer of the Global Cyber Security Summit Ryan Brack stated: “Ukraine is considered a test bed for attacks on major infrastructure.”
Ukraine’s President, Petro Poroshenko has declared that Russia “unleashed a cyber war against our country.” Poland’s Minister of National Defense Antoni Macierewicz echoed Mr. Porocheko’s sentiments: “Russia, against the willful thinking of others, is showing clearly that its role is purely destructive.”
Russia’s actions are reckless, destructive, and illegal. At the same time, Ukraine is working hard to push back against the threat. Thanks to such government cybersecurity efforts over the past three years, the office of Ukraine’s president was able to defend itself against the recent attack. At the same time, Ukraine needs a cyber overhaul, starting with a full recognition of the public-private nature of an effective cyber defense.
More must be done. The West can and should help. Following the attacks on Ukraine, Secretary General of NATO, Jens Stoltenberg, affirmed the role of the international community in the process, calling it an “important part of our cooperation with Ukraine” and vowing to “continue it.” One such proposal calls for the formation of a NATO-Ukraine Working Group, set up in the framework of the NATO-Ukraine Commission, that could provide the essential leadership. That working group could identify and address the existing gaps in Ukraine’s defense.
Clearly, Ukraine cannot go it alone. Any weakness in Ukraine’s defense is a weakness through which foreign adversaries can gain entry to the entire world. The West must join Ukraine in the fight to stop these cyber evildoers at the doorstep.
• Dmytro Shymkiv is the deputy head of the presidential administration of Ukraine and secretary of the National Reform Council.